@alibaba-group/open-code-review 1.1.7 → 1.1.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,16 @@
1
+ {
2
+ "name": "open-code-review",
3
+ "owner": {
4
+ "name": "alibaba"
5
+ },
6
+ "description": "AI-powered code review agent that reads Git diffs, analyzes changed files with LLM tool-use capabilities, and generates structured line-level review comments with cross-referential context awareness.",
7
+ "plugins": [
8
+ {
9
+ "name": "open-code-review",
10
+ "source": "./plugins/open-code-review",
11
+ "description": "Perform AI code review on Git diffs — supports workspace changes, branch ranges, and single commits with concurrent per-file analysis, codebase search, and deep context-aware review.",
12
+ "version": "1.0.0",
13
+ "license": "Apache-2.0"
14
+ }
15
+ ]
16
+ }
@@ -0,0 +1,219 @@
1
+ # Contributing to OpenCodeReview
2
+
3
+ Thank you for your interest in contributing to OpenCodeReview! Every contribution matters — whether it's fixing a typo, reporting a bug, or implementing a new feature.
4
+
5
+ [简体中文版](CONTRIBUTING.zh-CN.md)
6
+
7
+ ## Code of Conduct
8
+
9
+ By participating in this project, you agree to maintain a respectful and inclusive environment. Please be kind and constructive in all interactions.
10
+
11
+ ## Ways to Contribute
12
+
13
+ There are many ways to contribute beyond writing code:
14
+
15
+ - **Report bugs** — Found something broken? Open an issue with reproduction steps.
16
+ - **Suggest features** — Have an idea for improvement? You can start a conversation in [GitHub Discussions](https://github.com/alibaba/open-code-review/discussions/categories/ideas) or open a [Feature Request](https://github.com/alibaba/open-code-review/issues/new?template=feature_request.yml) issue.
17
+ - **Improve documentation** — Fix typos, clarify explanations, or add examples. You can also open a [Documentation Issue](https://github.com/alibaba/open-code-review/issues/new?template=docs_report.yml) to report problems.
18
+ - **Review pull requests** — Help us review code from other contributors.
19
+ - **Write code** — Fix bugs, add features, or improve performance.
20
+
21
+ ## Getting Started
22
+
23
+ ### Prerequisites
24
+
25
+ - [Go 1.25+](https://go.dev/dl/)
26
+ - [Git](https://git-scm.com/)
27
+ - [Make](https://www.gnu.org/software/make/)
28
+
29
+ ### Setup
30
+
31
+ ```bash
32
+ # 1. Fork the repository on GitHub
33
+
34
+ # 2. Clone your fork
35
+ git clone https://github.com/<your-username>/open-code-review.git
36
+ cd open-code-review
37
+
38
+ # 3. Add upstream remote (for syncing updates from the main repo)
39
+ git remote add upstream https://github.com/alibaba/open-code-review.git
40
+
41
+ # 4. Build the project
42
+ make build
43
+
44
+ # 5. Run tests
45
+ make test
46
+ ```
47
+
48
+ If everything passes, you're ready to contribute.
49
+
50
+ > **Note:** The `upstream` remote is read-only for contributors — it is used to pull the latest changes from the main repository. You cannot push directly to upstream. All contributions must be pushed to your fork (`origin`) and submitted via Pull Request.
51
+
52
+ ## Development Workflow
53
+
54
+ ### Branching
55
+
56
+ Create a feature branch from `main`:
57
+
58
+ ```bash
59
+ git checkout main
60
+ git pull upstream main
61
+ git checkout -b feat/your-feature-name
62
+ ```
63
+
64
+ Use prefixes to indicate the type of change:
65
+
66
+ | Prefix | Purpose |
67
+ | ----------- | ------------------------------------- |
68
+ | `feat/` | New feature |
69
+ | `fix/` | Bug fix |
70
+ | `docs/` | Documentation only |
71
+ | `refactor/` | Code refactoring (no behavior change) |
72
+ | `test/` | Adding or updating tests |
73
+ | `chore/` | Build, CI, or tooling changes |
74
+
75
+ ### Commit Messages
76
+
77
+ Follow [Conventional Commits](https://www.conventionalcommits.org/) format:
78
+
79
+ ```
80
+ <type>(<scope>): <short summary>
81
+
82
+ [optional body]
83
+ ```
84
+
85
+ Examples:
86
+
87
+ ```
88
+ feat(agent): add support for custom tool definitions
89
+ fix(llm): handle timeout errors in Anthropic API calls
90
+ docs(README): update configuration examples
91
+ ```
92
+
93
+ ### Code Quality
94
+
95
+ Before submitting your changes, make sure they pass all checks:
96
+
97
+ ```bash
98
+ # Format and lint (Go standard tooling)
99
+ go fmt ./...
100
+ go vet ./...
101
+
102
+ # Run tests with race detection
103
+ make test
104
+
105
+ # Build successfully
106
+ make build
107
+ ```
108
+
109
+ ### Project Structure
110
+
111
+ ```
112
+ ├── cmd/opencodereview/ # CLI entry point
113
+ ├── internal/
114
+ │ ├── agent/ # Review agent logic
115
+ │ ├── config/ # Configuration management
116
+ │ ├── diff/ # Git diff parsing
117
+ │ ├── llm/ # LLM API client (Anthropic & OpenAI)
118
+ │ ├── model/ # Data models
119
+ │ ├── session/ # Review session management
120
+ │ ├── tool/ # Built-in tools (file_read, code_search, etc.)
121
+ │ ├── telemetry/ # OpenTelemetry integration
122
+ │ └── viewer/ # WebUI session viewer
123
+ ├── pages/ # WebUI frontend
124
+ ├── scripts/ # Build & install scripts
125
+ └── bin/ # NPM wrapper
126
+ ```
127
+
128
+ ## Contributing to Documentation
129
+
130
+ Documentation is a crucial part of OpenCodeReview. We welcome improvements to README files, inline code comments, configuration examples, and any user-facing text.
131
+
132
+ ### What Counts as a Documentation Contribution
133
+
134
+ - Fixing typos, grammar errors, or broken links
135
+ - Clarifying confusing explanations or adding missing context
136
+ - Adding usage examples for commands or configuration options
137
+ - Updating outdated content (e.g., after a feature change)
138
+ - Translating or improving the Chinese documentation (`README.zh-CN.md`, `CONTRIBUTING.zh-CN.md`)
139
+
140
+ ### Documentation Workflow
141
+
142
+ 1. If you spot an issue but don't plan to fix it yourself, open a [Documentation Issue](https://github.com/alibaba/open-code-review/issues/new?template=docs_report.yml).
143
+ 2. If you'd like to fix it, fork the repo, make your changes, and submit a PR with the `docs/` branch prefix (e.g., `docs/fix-config-example`).
144
+ 3. Documentation-only PRs don't require test changes, but please verify that any commands or code snippets you include are accurate.
145
+
146
+ ### Documentation Files
147
+
148
+ | File | Purpose |
149
+ | ----------------------- | ------------------------------------ |
150
+ | `README.md` | Main project documentation (English) |
151
+ | `README.zh-CN.md` | Chinese translation |
152
+ | `CONTRIBUTING.md` | Contribution guide (English) |
153
+ | `CONTRIBUTING.zh-CN.md` | Contribution guide (Chinese) |
154
+ | `NPM-README.md` | Description shown on npm registry |
155
+
156
+ ## Submitting Changes
157
+
158
+ ### Opening an Issue
159
+
160
+ Before working on a significant change, please open an issue first to discuss the approach. This prevents duplicate work and ensures your contribution aligns with the project's direction.
161
+
162
+ When reporting a bug, include:
163
+
164
+ 1. OpenCodeReview version (`ocr version`)
165
+ 2. OS and architecture
166
+ 3. Steps to reproduce
167
+ 4. Expected vs. actual behavior
168
+ 5. Relevant logs or error messages
169
+
170
+ ### Pull Request Process
171
+
172
+ 1. **Keep PRs focused** — One logical change per PR. If you have multiple independent changes, submit separate PRs.
173
+ 2. **Write tests** — Add or update tests for any behavior changes.
174
+ 3. **Update docs** — If your change affects user-facing behavior, update the relevant documentation.
175
+ 4. **Sign the CLA** — All contributors must sign the Contributor License Agreement before their PR can be merged (see below).
176
+ 5. **Fill in the PR template** — Describe what your change does and why.
177
+
178
+ ### PR Title Format
179
+
180
+ Use the same Conventional Commits format as commit messages:
181
+
182
+ ```
183
+ feat(agent): add support for custom tool definitions
184
+ ```
185
+
186
+ ### Review Process
187
+
188
+ - A maintainer will review your PR, usually within a few business days.
189
+ - We may request changes — this is normal and collaborative, not adversarial.
190
+ - Once approved, a maintainer will merge your PR.
191
+
192
+ ## Contributor License Agreement (CLA)
193
+
194
+ We require all contributors to sign the Alibaba Open Source Contributor License Agreement before we can merge your contributions. This ensures that the project can be distributed under its license terms.
195
+
196
+ When you open your first PR, a CLA bot will post a comment with instructions. Simply follow the link to sign electronically — it only takes a minute.
197
+
198
+ ## First-Time Contributors
199
+
200
+ New to the project? Look for issues labeled:
201
+
202
+ - [`good first issue`](https://github.com/alibaba/open-code-review/labels/good%20first%20issue) — Small, well-scoped tasks ideal for getting started.
203
+ - [`help wanted`](https://github.com/alibaba/open-code-review/labels/help%20wanted) — Issues where we'd appreciate community help.
204
+
205
+ Some good areas to start:
206
+
207
+ - Improving error messages and CLI output
208
+ - Writing tests for untested code paths
209
+ - Documentation improvements
210
+
211
+ ## Community
212
+
213
+ - **Bug Reports** — [GitHub Issues](https://github.com/alibaba/open-code-review/issues)
214
+ - **Feature Suggestions** — [GitHub Discussions (Ideas)](https://github.com/alibaba/open-code-review/discussions/categories/ideas) or [Feature Request Issue](https://github.com/alibaba/open-code-review/issues/new?template=feature_request.yml)
215
+ - **Questions & Help** — If you have any questions about using OpenCodeReview, feel free to ask in [GitHub Discussions](https://github.com/alibaba/open-code-review/discussions)
216
+
217
+ ## License
218
+
219
+ By contributing to OpenCodeReview, you agree that your contributions will be licensed under the [Apache License 2.0](LICENSE).
@@ -0,0 +1,219 @@
1
+ # 贡献指南
2
+
3
+ 感谢你对 OpenCodeReview 的关注!无论是修复拼写错误、报告 Bug,还是实现新功能,每一份贡献都很有价值。
4
+
5
+ [English version](CONTRIBUTING.md)
6
+
7
+ ## 行为准则
8
+
9
+ 参与本项目即表示你同意维护一个尊重和包容的环境。请在所有交流中保持友善和建设性。
10
+
11
+ ## 贡献方式
12
+
13
+ 除了写代码,还有很多方式可以参与贡献:
14
+
15
+ - **报告 Bug** — 发现问题?请提交 issue 并附上复现步骤。
16
+ - **建议功能** — 有改进想法?可以在 [GitHub Discussions](https://github.com/alibaba/open-code-review/discussions/categories/ideas) 中发起讨论,或直接提交一个 [Feature Request](https://github.com/alibaba/open-code-review/issues/new?template=feature_request.yml) issue。
17
+ - **改进文档** — 修复错别字、完善说明或补充示例。也可以提交一个 [Documentation Issue](https://github.com/alibaba/open-code-review/issues/new?template=docs_report.yml) 来报告文档问题。
18
+ - **审查 PR** — 帮助我们审查其他贡献者的代码。
19
+ - **编写代码** — 修复 Bug、添加功能或提升性能。
20
+
21
+ ## 快速开始
22
+
23
+ ### 前置条件
24
+
25
+ - [Go 1.25+](https://go.dev/dl/)
26
+ - [Git](https://git-scm.com/)
27
+ - [Make](https://www.gnu.org/software/make/)
28
+
29
+ ### 环境搭建
30
+
31
+ ```bash
32
+ # 1. 在 GitHub 上 Fork 本仓库
33
+
34
+ # 2. 克隆你的 Fork
35
+ git clone https://github.com/<你的用户名>/open-code-review.git
36
+ cd open-code-review
37
+
38
+ # 3. 添加上游远端(用于同步主仓库的最新变更)
39
+ git remote add upstream https://github.com/alibaba/open-code-review.git
40
+
41
+ # 4. 构建项目
42
+ make build
43
+
44
+ # 5. 运行测试
45
+ make test
46
+ ```
47
+
48
+ 如果一切通过,就可以开始贡献了。
49
+
50
+ > **注意:** `upstream` 远端对贡献者是只读的,仅用于拉取主仓库的最新更新。你不能直接向 upstream 推送代码,所有贡献必须推送到你的 fork(`origin`),然后通过 Pull Request 提交。
51
+
52
+ ## 开发工作流
53
+
54
+ ### 分支管理
55
+
56
+ 从 `main` 创建功能分支:
57
+
58
+ ```bash
59
+ git checkout main
60
+ git pull upstream main
61
+ git checkout -b feat/your-feature-name
62
+ ```
63
+
64
+ 使用前缀标明变更类型:
65
+
66
+ | 前缀 | 用途 |
67
+ | ----------- | ---------------------- |
68
+ | `feat/` | 新功能 |
69
+ | `fix/` | Bug 修复 |
70
+ | `docs/` | 仅文档变更 |
71
+ | `refactor/` | 代码重构(无行为变化) |
72
+ | `test/` | 添加或更新测试 |
73
+ | `chore/` | 构建、CI 或工具链变更 |
74
+
75
+ ### 提交信息
76
+
77
+ 遵循 [Conventional Commits](https://www.conventionalcommits.org/) 规范:
78
+
79
+ ```
80
+ <type>(<scope>): <简短描述>
81
+
82
+ [可选的详细说明]
83
+ ```
84
+
85
+ 示例:
86
+
87
+ ```
88
+ feat(agent): add support for custom tool definitions
89
+ fix(llm): handle timeout errors in Anthropic API calls
90
+ docs(README): update configuration examples
91
+ ```
92
+
93
+ ### 代码质量
94
+
95
+ 提交前请确保通过以下检查:
96
+
97
+ ```bash
98
+ # 格式化和静态检查
99
+ go fmt ./...
100
+ go vet ./...
101
+
102
+ # 带竞态检测运行测试
103
+ make test
104
+
105
+ # 构建成功
106
+ make build
107
+ ```
108
+
109
+ ### 项目结构
110
+
111
+ ```
112
+ ├── cmd/opencodereview/ # CLI 入口
113
+ ├── internal/
114
+ │ ├── agent/ # 评审 Agent 逻辑
115
+ │ ├── config/ # 配置管理
116
+ │ ├── diff/ # Git diff 解析
117
+ │ ├── llm/ # LLM API 客户端(Anthropic & OpenAI)
118
+ │ ├── model/ # 数据模型
119
+ │ ├── session/ # 评审会话管理
120
+ │ ├── tool/ # 内置工具(file_read, code_search 等)
121
+ │ ├── telemetry/ # OpenTelemetry 集成
122
+ │ └── viewer/ # WebUI 会话查看器
123
+ ├── pages/ # WebUI 前端
124
+ ├── scripts/ # 构建和安装脚本
125
+ └── bin/ # NPM 包装器
126
+ ```
127
+
128
+ ## 文档贡献
129
+
130
+ 文档是 OpenCodeReview 的重要组成部分。我们欢迎对 README、代码注释、配置示例以及任何面向用户的文本进行改进。
131
+
132
+ ### 哪些算文档贡献
133
+
134
+ - 修复错别字、语法错误或失效链接
135
+ - 完善表述不清的说明或补充缺失的上下文
136
+ - 为命令或配置项添加使用示例
137
+ - 更新过时的内容(例如功能变更后的文档同步)
138
+ - 翻译或改进中英文文档(`README.zh-CN.md`、`CONTRIBUTING.zh-CN.md`)
139
+
140
+ ### 文档贡献流程
141
+
142
+ 1. 如果你发现问题但暂时不打算自己修复,请提交一个 [Documentation Issue](https://github.com/alibaba/open-code-review/issues/new?template=docs_report.yml)。
143
+ 2. 如果你想直接修复,fork 仓库后修改,提交 PR 时使用 `docs/` 分支前缀(例如 `docs/fix-config-example`)。
144
+ 3. 纯文档 PR 不需要修改测试,但请确保文中涉及的命令和代码片段准确无误。
145
+
146
+ ### 文档文件一览
147
+
148
+ | 文件 | 用途 |
149
+ | ----------------------- | -------------------- |
150
+ | `README.md` | 项目主文档(英文) |
151
+ | `README.zh-CN.md` | 中文翻译 |
152
+ | `CONTRIBUTING.md` | 贡献指南(英文) |
153
+ | `CONTRIBUTING.zh-CN.md` | 贡献指南(中文) |
154
+ | `NPM-README.md` | npm 发布页展示的说明 |
155
+
156
+ ## 提交变更
157
+
158
+ ### 提交 Issue
159
+
160
+ 在进行重大修改之前,请先开一个 issue 讨论方案。这可以避免重复劳动,并确保你的贡献与项目方向一致。
161
+
162
+ 报告 Bug 时请包含:
163
+
164
+ 1. OpenCodeReview 版本(`ocr version`)
165
+ 2. 操作系统和架构
166
+ 3. 复现步骤
167
+ 4. 预期行为与实际行为
168
+ 5. 相关日志或错误信息
169
+
170
+ ### Pull Request 流程
171
+
172
+ 1. **保持 PR 聚焦** — 每个 PR 只包含一个逻辑变更。多个独立改动请分别提交 PR。
173
+ 2. **编写测试** — 为行为变更添加或更新测试。
174
+ 3. **更新文档** — 如果变更影响用户侧行为,请同步更新相关文档。
175
+ 4. **签署 CLA** — 所有贡献者需在 PR 合并前签署贡献者许可协议(详见下方)。
176
+ 5. **填写 PR 模板** — 描述你的改动是什么以及为什么这样做。
177
+
178
+ ### PR 标题格式
179
+
180
+ 使用与 commit message 相同的 Conventional Commits 格式:
181
+
182
+ ```
183
+ feat(agent): add support for custom tool definitions
184
+ ```
185
+
186
+ ### 审查流程
187
+
188
+ - 维护者通常会在几个工作日内审查你的 PR。
189
+ - 我们可能会要求修改——这很正常,是协作而非对立。
190
+ - 一旦批准,维护者会合并你的 PR。
191
+
192
+ ## 贡献者许可协议(CLA)
193
+
194
+ 我们要求所有贡献者在合并代码前签署阿里巴巴开源贡献者许可协议(CLA)。这确保项目可以在其许可条款下合法分发。
195
+
196
+ 当你首次提交 PR 时,CLA bot 会自动发布评论并附上签署说明。只需点击链接进行电子签署即可,整个过程只需一分钟。
197
+
198
+ ## 新手推荐
199
+
200
+ 第一次参与?可以关注以下标签的 issue:
201
+
202
+ - [`good first issue`](https://github.com/alibaba/open-code-review/labels/good%20first%20issue) — 小型、范围明确的任务,适合快速上手。
203
+ - [`help wanted`](https://github.com/alibaba/open-code-review/labels/help%20wanted) — 我们希望得到社区帮助的问题。
204
+
205
+ 适合入手的方向:
206
+
207
+ - 改善错误信息和 CLI 输出
208
+ - 为未覆盖的代码路径编写测试
209
+ - 文档改进
210
+
211
+ ## 社区
212
+
213
+ - **Bug 报告** — [GitHub Issues](https://github.com/alibaba/open-code-review/issues)
214
+ - **功能建议** — [GitHub Discussions (Ideas)](https://github.com/alibaba/open-code-review/discussions/categories/ideas) 或 [Feature Request Issue](https://github.com/alibaba/open-code-review/issues/new?template=feature_request.yml)
215
+ - **使用疑问与帮助** — 对 OpenCodeReview 的使用有任何疑问,欢迎在 [GitHub Discussions](https://github.com/alibaba/open-code-review/discussions) 中提问交流
216
+
217
+ ## 许可证
218
+
219
+ 向 OpenCodeReview 贡献代码即表示你同意你的贡献将以 [Apache License 2.0](LICENSE) 进行许可。
package/README.zh-CN.md CHANGED
@@ -15,15 +15,53 @@
15
15
 
16
16
  ---
17
17
 
18
- AI 驱动的代码审查 CLI 工具,读取 Git diff,通过具备工具调用能力的 Agent 将变更文件发送至可配置的 LLM,生成具有行级精度的结构化审查意见。
18
+ ## Open Code Review 是什么?
19
19
 
20
- Agent 可以读取完整文件内容、搜索代码库、检查其他变更文件以获取上下文,从而进行深度审查 —— 而非仅停留在表面的 diff 反馈。
20
+ Open Code Review 是一款 AI 驱动的代码审查 CLI 工具。它的前身是阿里集团内部官方 AI 代码审查助手,过去两年在内部服务了数万开发者,识别了数百万个代码缺陷。经过大规模充分验证后,我们将其孵化为开源项目,对社区开放。只需配置一个模型端点即可使用。
21
21
 
22
- ![Open Benchmark](imgs/open-benchmark.png)
22
+ 它读取 Git diff,通过具备工具调用能力的 Agent 将变更文件发送至可配置的 LLM,生成具有行级精度的结构化审查意见。Agent 可以读取完整文件内容、搜索代码库、检查其他变更文件以获取上下文,从而进行深度审查——而非仅停留在表面的 diff 反馈。
23
23
 
24
- ## 安装
24
+ ![Highlights](imgs/highlights-zh.png)
25
25
 
26
- ### 通过 NPM 安装(推荐)
26
+ ## 为什么选择 Open Code Review?
27
+
28
+ ### 通用 Agent 的局限
29
+
30
+ 如果你深度用过 Claude Code 等通用 Agent + Skills 方案做代码审查,可能对以下问题深有同感:
31
+
32
+ - **覆盖不全** —— 变更较大时,Agent 倾向于"偷懒",选择性地审查部分文件,导致遗漏。
33
+ - **位置漂移** —— 报告的问题与实际代码位置常常对不上,出现行号或文件偏移。
34
+ - **效果不稳定** —— 基于自然语言驱动的 Skills 难以调试,审查质量因提示词的细微差异而大幅波动。
35
+
36
+ 这些问题的根源在于:纯语言驱动的架构缺乏对审查流程的强约束。
37
+
38
+ ### 核心设计:确定性工程 × Agent 混合驱动
39
+
40
+ Open Code Review 的核心设计理念是将确定性工程与 Agent 结合,各司其职。
41
+
42
+ **确定性工程——负责强约束**
43
+
44
+ 对代码审查场景中"不能出错"的环节,由工程逻辑而非语言模型来保证:
45
+
46
+ - **精准的文件筛选** —— 明确哪些文件需要审查、哪些应当过滤,确保真正重要的改动一个不漏。
47
+ - **智能的文件打包** —— 将关联文件归并为同一审查单元(例如 `message_en.properties` 与 `message_zh.properties` 会被打包在一起)。每个包会作为 sub-agent 进行任务,它们之间的上下文是隔离的——这一分治策略在超大变更场景下表现更为稳定,同时天然支持并发审查。
48
+ - **精细化规则匹配** —— 针对不同文件的特征,匹配对应的审查规则,确保模型的注意力足够聚焦,从源头规避信息噪声的干扰。相比纯语言驱动的规则引导,基于模板引擎的规则匹配行为更稳定、结果更可预期。
49
+ - **外挂的定位与反思组件** —— 独立的评论定位模块与评论反思模块,系统性地提升 AI 反馈的位置准确性与内容准确性。
50
+
51
+ **Agent——负责动态决策**
52
+
53
+ 将 Agent 的优势集中发挥在它真正擅长的地方——动态决策、动态召回上下文:
54
+
55
+ - **场景化提示词调优** —— 针对代码审查场景深度优化提示词模板,在提升效果的同时有效降低 Token 消耗。
56
+ - **场景化工具集沉淀** —— 基于对大量线上数据中工具调用轨迹的深入分析,包括不同工具的调用频率分布、单一工具的重复调用率、新增工具对整体调用链路的影响等多维度分析,从而对通用 Agent 工具集进行取舍与拆分,最终沉淀出一套在代码审查场景下效果更稳定、行为更可预期的专属工具集。
57
+
58
+ ## 如何使用
59
+
60
+ ### CLI
61
+
62
+ #### 安装
63
+
64
+ **通过 NPM 安装(推荐)**
27
65
 
28
66
  ```bash
29
67
  npm install -g @alibaba-group/open-code-review
@@ -31,7 +69,7 @@ npm install -g @alibaba-group/open-code-review
31
69
 
32
70
  安装后,`ocr` 命令即可全局使用。
33
71
 
34
- ### GitHub Release 下载
72
+ **从 GitHub Release 下载**
35
73
 
36
74
  从 [GitHub Releases](https://github.com/alibaba/open-code-review/releases) 下载最新二进制文件:
37
75
 
@@ -53,7 +91,7 @@ curl -Lo ocr https://github.com/alibaba/open-code-review/releases/latest/downloa
53
91
  chmod +x ocr && sudo mv ocr /usr/local/bin/ocr
54
92
  ```
55
93
 
56
- ### 从源码构建
94
+ **从源码构建**
57
95
 
58
96
  ```bash
59
97
  git clone https://github.com/alibaba/open-code-review.git
@@ -62,9 +100,9 @@ make build
62
100
  sudo cp dist/opencodereview /usr/local/bin/ocr
63
101
  ```
64
102
 
65
- ## 快速开始
103
+ #### 快速开始
66
104
 
67
- ### 1. 配置 LLM
105
+ **1. 配置 LLM**
68
106
 
69
107
  **在审查代码之前,必须先配置 LLM。**
70
108
 
@@ -84,15 +122,15 @@ export OCR_USE_ANTHROPIC=true
84
122
 
85
123
  配置存储于 `~/.opencodereview/config.json`。
86
124
 
87
- 工具也会回退使用 Claude Code 环境变量(`ANTHROPIC_BASE_URL`、`ANTHROPIC_AUTH_TOKEN`、`ANTHROPIC_MODEL`),并解析 `~/.zshrc` / `~/.bashrc` 中的相关导出。
125
+ 同时兼容了 Claude Code 环境变量(`ANTHROPIC_BASE_URL`、`ANTHROPIC_AUTH_TOKEN`、`ANTHROPIC_MODEL`),并解析 `~/.zshrc` / `~/.bashrc` 中的相关导出。
88
126
 
89
- ### 2. 测试连通性
127
+ **2. 测试连通性**
90
128
 
91
129
  ```bash
92
130
  ocr llm test
93
131
  ```
94
132
 
95
- ### 3. 开始审查
133
+ **3. 开始审查**
96
134
 
97
135
  ```bash
98
136
  cd your-project
@@ -107,6 +145,53 @@ ocr review --from main --to feature-branch
107
145
  ocr review --commit abc123
108
146
  ```
109
147
 
148
+ ### 集成到编程 Agent
149
+
150
+ OCR 可以无缝集成到 AI 编程 Agent 中,作为斜杠命令使用,在 Agent 工作流中直接进行代码审查。
151
+
152
+ #### 方式一:作为 Skill 安装
153
+
154
+ 使用 `npx` 将 OCR skill 安装到项目中:
155
+
156
+ ```bash
157
+ npx skills add alibaba/open-code-review --skill open-code-review
158
+ ```
159
+
160
+ 此命令从 [skills 注册表](skills/open-code-review/SKILL.md)安装 `open-code-review` skill,教会你的编程 Agent 如何调用 `ocr` 进行代码审查、按优先级分类问题,并可选择性地应用修复。
161
+
162
+ #### 方式二:作为 Claude Code Plugin 安装
163
+
164
+ 对于 [Claude Code](https://docs.anthropic.com/en/docs/claude-code),在 Claude Code 中通过以下命令安装命令插件:
165
+
166
+ ```bash
167
+ /plugin marketplace add alibaba/open-code-review
168
+ /plugin install open-code-review@open-code-review
169
+ ```
170
+
171
+ 此命令注册 `/open-code-review:review` 斜杠命令,运行 OCR 并自动过滤和修复问题。
172
+
173
+ #### 方式三:直接复制命令文件
174
+
175
+ 如果不想使用任何包管理器,可以直接复制命令文件,在 Claude Code 中使用 `/open-code-review` 斜杠命令。
176
+
177
+ **项目级**(通过 git 与团队共享):
178
+
179
+ ```bash
180
+ mkdir -p .claude/commands
181
+ curl -o .claude/commands/open-code-review.md \
182
+ https://raw.githubusercontent.com/alibaba/open-code-review/main/plugins/open-code-review/commands/review.md
183
+ ```
184
+
185
+ **用户级**(个人全局使用,适用于所有项目):
186
+
187
+ ```bash
188
+ mkdir -p ~/.claude/commands
189
+ curl -o ~/.claude/commands/open-code-review.md \
190
+ https://raw.githubusercontent.com/alibaba/open-code-review/main/plugins/open-code-review/commands/review.md
191
+ ```
192
+
193
+ > **前置条件**:所有集成方式都需要安装 `ocr` CLI 并配置 LLM。参见上方[安装](#安装)和[配置 LLM](#1-配置-llm)。
194
+
110
195
  ## 命令
111
196
 
112
197
  | 命令 | 别名 | 描述 |
@@ -196,20 +281,6 @@ OCR 通过四层优先级链解析评审规则。每层采用首次匹配原则
196
281
  - 在每一层内,规则按声明顺序评估 —— 首次匹配生效。
197
282
  - 如果规则文件不存在,将被静默跳过。
198
283
 
199
- ## 架构
200
-
201
- 审查 Agent 遵循**三阶段工作流**:
202
-
203
- 1. **计划阶段** —— 对于超过 50 行的变更,Agent 会在审查前进行风险分析。较小的 diff 直接跳至主阶段。
204
- 2. **主任务循环** —— 每个变更文件分配独立的 goroutine。LLM 在对话循环中与内置工具交互(读取文件、搜索代码、读取 diff、提交评论),直到调用 `task_done`。
205
- 3. **记忆压缩** —— 当提示上下文超过 token 阈值(异步 60%,同步 80%)时,Agent 使用三区分区(冻结 / 压缩 / 活跃)管理上下文窗口大小。
206
-
207
- ### 关键设计决策
208
-
209
- - **按文件并发处理** —— 文件并行审查(默认 8 个 worker)。超时机制防止单个文件阻塞其他文件。
210
- - **双协议支持** —— 同时支持 Anthropic Messages API 和 OpenAI Chat Completions API,自动 URL 规范化。
211
- - **工具调用 Agent** —— LLM 可以访问领域特定工具(`code_search`、`file_read`、`code_comment`、`file_find`、`file_read_diff`),实现跨引用的上下文感知审查,而非孤立的 diff 扫描。
212
-
213
284
  ## 配置参考
214
285
 
215
286
  配置文件:`~/.opencodereview/config.json`
@@ -237,48 +308,6 @@ OCR 通过四层优先级链解析评审规则。每层采用首次匹配原则
237
308
  | `OCR_LLM_MODEL` | 模型名称 |
238
309
  | `OCR_USE_ANTHROPIC` | `true` = Anthropic,`false` = OpenAI |
239
310
 
240
- ### 模板参数
241
-
242
- 内部默认值定义于 `internal/config/template/task_template.json`:
243
-
244
- | 参数 | 默认值 | 描述 |
245
- |------|--------|------|
246
- | `MAX_TOKENS` | 58888 | 每次 LLM 请求最大 token 数 |
247
- | `MAX_TOOL_REQUEST_TIMES` | 20 | 每个文件最大工具调用迭代次数 |
248
- | `PLAN_MODE_LINE_THRESHOLD` | 50 | 低于此行数跳过计划阶段 |
249
- | `TOOL_REQUEST_WAIT_TIME_MS` | 10000 | 单次工具请求超时时间 |
250
-
251
- ## 内置工具
252
-
253
- 审查过程中 LLM Agent 可调用的工具:
254
-
255
- | 工具 | 可用阶段 | 用途 |
256
- |------|----------|------|
257
- | `task_done` | main_task | 终止审查(DONE/FAILED) |
258
- | `code_comment` | main_task | 提交行级审查意见 |
259
- | `file_read` | main_task | 按行范围读取文件内容 |
260
- | `code_search` | plan + main | 跨文件搜索文本/正则表达式 |
261
- | `file_read_diff` | plan + main | 查看其他变更文件的 diff 内容 |
262
- | `file_find` | plan + main | 按文件名关键词查找文件 |
263
-
264
- ## 系统审查规则
265
-
266
- 按文件类型通过 glob 模式匹配的内置审查清单,定义于 `internal/config/rules/system_rules.json`:
267
-
268
- | 模式 | 关注领域 |
269
- |------|----------|
270
- | `*.java` | NPE 风险、死循环、switch 穿透、N+1 查询、线程安全 |
271
- | `*.{ts,js,tsx,jsx}` | 代码质量、React 最佳实践、异步规范、XSS/安全 |
272
- | `*.kt` | 空安全、协程使用、惯用模式 |
273
- | `*{go,py,ets,lua,dart,swift,groovy}` | 逻辑缺陷、拼写错误 |
274
- | `*{cpp,cc,hpp}` | 智能指针、RAII、STL、const 正确性 |
275
- | `*.c` | malloc/free 配对、缓冲区溢出 |
276
- | `pom.xml` / `build.gradle` | 禁止 SNAPSHOT 版本 |
277
- | `package.json` | latest/通配符版本、依赖冲突 |
278
- | `*mapper*.xml` / `*dao*.xml` | SQL 注入、性能、逻辑错误 |
279
- | `*.properties` | 拼写检测、重复键、安全问题 |
280
-
281
- 可通过 `--rule path/to/rules.json` 覆盖。
282
311
 
283
312
  ## 遥测
284
313
 
@@ -292,15 +321,9 @@ ocr config set telemetry.otlp_endpoint localhost:4317
292
321
 
293
322
  设置 `telemetry.content_logging` 可在导出数据中包含 LLM 提示词和响应。
294
323
 
295
- ## 开发
324
+ ## 贡献
296
325
 
297
- ```bash
298
- make build # 为当前平台构建
299
- make test # 带竞态检测运行测试
300
- make clean # 清除 dist/
301
- make build-all # 交叉编译(linux/amd64, linux/arm64, darwin/amd64, darwin/arm64)
302
- make dist # 完整发布流水线
303
- ```
326
+ 参见 [CONTRIBUTING.zh-CN.md](CONTRIBUTING.zh-CN.md) 了解开发环境搭建、编码规范以及如何提交 Pull Request。
304
327
 
305
328
  ## 许可证
306
329
 
Binary file
Binary file
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@alibaba-group/open-code-review",
3
- "version": "1.1.7",
3
+ "version": "1.1.8",
4
4
  "description": "OpenCodeReview CLI — AI-powered code review tool",
5
5
  "bin": {
6
6
  "ocr": "bin/ocr.js"
@@ -0,0 +1,6 @@
1
+ {
2
+ "name": "open-code-review",
3
+ "commands": "./commands",
4
+ "description": "Perform AI code review on Git diffs — supports workspace changes, branch ranges, and single commits with concurrent per-file analysis, codebase search, and deep context-aware review.",
5
+ "version": "1.0.0"
6
+ }
@@ -0,0 +1,35 @@
1
+ ---
2
+ description: Run OpenCodeReview (OCR) to review code changes and autonomously apply fixes.
3
+ ---
4
+
5
+ Invoke the professional code review Agent CLI tool OpenCodeReview (OCR) to review current code changes, and let the Agent autonomously decide whether to apply fixes.
6
+
7
+ ## Workflow
8
+
9
+ ### Step 1: Run Code Review
10
+
11
+ Run the OCR command:
12
+
13
+ ```bash
14
+ ocr review --audience agent [user-args]
15
+ ```
16
+ - Default (no user arguments): reviews staged, unstaged, and untracked changes (workspace mode).
17
+ - If the user provides `--commit` or `--c`: pass through as-is.
18
+ - If the user provides `--from` and `--to`: pass through as-is.
19
+ - (Optional) Provide `--background "requirement context"` to review whether the requirements are correctly implemented.
20
+ - Capture full stdout. Set a 5-minute timeout.
21
+ - If the `ocr` command is not found, install it by running `npm i -g @alibaba-group/open-code-review`.
22
+
23
+ ### Step 2: Filter and Evaluate
24
+
25
+ For each comment, assess its validity and quality:
26
+
27
+ - **High**: Obvious bugs, security issues, clear mistakes, or well-founded suggestions with precise fix proposals
28
+ - **Medium**: Reasonable concerns but context-dependent, style/performance suggestions, or fixes that require manual implementation
29
+ - **Low**: Likely false positives, lacking sufficient context, nitpicks, or meaningless suggestions
30
+
31
+ Silently discard low-confidence comments. Display the remaining comments.
32
+
33
+ ### Step 3: Fix
34
+
35
+ Automatically fix issues and suggestions that are worth adopting.
@@ -0,0 +1,231 @@
1
+ ---
2
+ name: open-code-review
3
+ description: >
4
+ Performs AI-powered code review on Git changes using the `ocr` CLI from
5
+ alibaba/open-code-review. Use when the user asks to review code, review
6
+ a pull request, review staged/unstaged changes, review a commit, or
7
+ compare branches for code quality issues. Produces line-level review
8
+ comments and can automatically apply fixes when requested. With appropriate
9
+ review rules, can detect various types of issues including bugs, security
10
+ vulnerabilities, performance problems, and code quality concerns.
11
+ license: Apache-2.0
12
+ compatibility: >
13
+ Requires the `ocr` CLI installed (via `npm install -g
14
+ @alibaba-group/open-code-review` or GitHub release binary). Requires a
15
+ configured LLM (Anthropic or OpenAI-compatible) before first run.
16
+ metadata:
17
+ author: alibaba
18
+ homepage: https://github.com/alibaba/open-code-review
19
+ version: "1.0.0"
20
+ ---
21
+
22
+ # Open Code Review
23
+
24
+ A skill for invoking [open-code-review](https://github.com/alibaba/open-code-review) (`ocr`) — an open-source AI code review CLI that reads Git diffs and generates structured, line-level review comments.
25
+
26
+ ## Prerequisites check
27
+
28
+ Before starting a review, verify the environment:
29
+
30
+ ```bash
31
+ # 1. Check the CLI is installed
32
+ which ocr || echo "NOT INSTALLED"
33
+
34
+ # 2. Verify LLM connectivity
35
+ ocr llm test
36
+ ```
37
+
38
+ If `ocr` is not installed, install it first:
39
+
40
+ ```bash
41
+ npm install -g @alibaba-group/open-code-review
42
+ ```
43
+
44
+ If `ocr llm test` fails, the user must configure an LLM. Guide them with one of these options:
45
+
46
+ **Option A — Environment variables (highest priority, recommended for CI):**
47
+
48
+ ```bash
49
+ export OCR_LLM_URL=https://api.anthropic.com/v1/messages
50
+ export OCR_LLM_TOKEN=<api-key>
51
+ export OCR_LLM_MODEL=claude-opus-4-6
52
+ export OCR_USE_ANTHROPIC=true
53
+ ```
54
+
55
+ **Option B — Persistent config:**
56
+
57
+ ```bash
58
+ ocr config set llm.url https://api.anthropic.com/v1/messages
59
+ ocr config set llm.auth_token <api-key>
60
+ ocr config set llm.model claude-opus-4-6
61
+ ocr config set llm.use_anthropic true
62
+ ```
63
+
64
+ Stop here and ask the user to provide credentials — never invent or hardcode API keys.
65
+
66
+ ## Workflow
67
+
68
+ ### Step 1: Gather Business Context
69
+
70
+ Analyze the review target (commits, branch, or changes) to extract concise business context. Pass this context via `--background` to improve review quality.
71
+
72
+ ### Step 2: Run Code Review
73
+
74
+ Run the OCR command with appropriate flags. **Always pass business context via `--background`** when available:
75
+
76
+ ```bash
77
+ ocr review --audience agent --background "business context here" [user-args]
78
+ ```
79
+
80
+ **Argument handling:**
81
+
82
+ - **Background context** (RECOMMENDED): use `--background "context"` or `-b "context"` to provide business context for better review quality
83
+ - **Default** (no user arguments): reviews staged, unstaged, and untracked changes (workspace mode)
84
+ - **Specific commit**: use `--commit` or `-c` to review a single commit against its parent
85
+ - **Branch comparison**: use `--from <ref>` and `--to <ref>` to review diff between two refs
86
+ - **Timeout**: default timeout is 10 minutes per file; adjust with `--timeout <minutes>`
87
+ - **Concurrency**: default concurrency is 8 file workers; reduce with `--concurrency <n>` if rate limits are hit
88
+ - **Preview mode**: use `--preview` or `-p` to preview which files will be reviewed without running the LLM
89
+ - **Installation**: if `ocr` command is not found, install it by running `npm i -g @alibaba-group/open-code-review`
90
+
91
+ **Common invocation patterns:**
92
+
93
+ | User says | Command to run |
94
+ |-----------|---------------|
95
+ | "review my changes" / "review the working copy" | `ocr review --audience agent -b "context"` |
96
+ | "review this PR" / "review feature branch" | `ocr review --audience agent -b "context" --from main --to <branch>` |
97
+ | "review commit abc123" | `ocr review --audience agent -b "context" --commit abc123` |
98
+ | "what would be reviewed?" (dry-run) | `ocr review --preview` |
99
+
100
+ **Output mode:**
101
+
102
+ - Always use `--audience agent` to suppress progress UI and emit only the final summary
103
+
104
+ ### Step 3: Classify and Report
105
+
106
+ For each comment from the review output, classify by priority and report all issues to the user:
107
+
108
+ - **High**: Obvious bugs, security issues, clear mistakes, or well-founded suggestions with precise fix proposals
109
+ - **Medium**: Reasonable concerns but context-dependent, style/performance suggestions, or fixes that require manual implementation
110
+ - **Low**: Likely false positives, lacking sufficient context, nitpicks, or meaningless suggestions
111
+
112
+ Report all comments grouped by priority level.
113
+
114
+ ### Step 4: Fix
115
+
116
+ Before applying fixes, check whether the user requested automatic fixes:
117
+
118
+ - If the user explicitly requested "review and fix" or similar, proceed with automatic fixes
119
+ - If the user only requested "review" without fix intent, ask for permission before applying any changes
120
+
121
+ When fixing issues and suggestions:
122
+
123
+ - Focus on High and Medium priority items
124
+ - Apply fixes directly to the code when safe and well-defined
125
+ - For complex fixes requiring manual intervention, clearly describe what needs to be done
126
+ - Always verify fixes with the user before committing
127
+
128
+ ## Output Format
129
+
130
+ Each comment contains:
131
+
132
+ - `path`: File path
133
+ - `content`: Review comment text
134
+ - `start_line` / `end_line`: Line range (both 0 means positioning failed)
135
+ - `suggestion_code`: Optional fix suggestion
136
+ - `existing_code`: Optional original code snippet
137
+ - `thinking`: Optional LLM reasoning process
138
+
139
+ After filtering comments by priority, present results using this template:
140
+
141
+ ```markdown
142
+ ## Code Review Results
143
+
144
+ **Files reviewed**: N
145
+ **Issues found**: X high priority / Y medium priority
146
+
147
+ ### High Priority
148
+
149
+ - **`path/to/file.java:42`** — Brief description
150
+ > Recommendation: How to fix
151
+
152
+ ### Medium Priority
153
+
154
+ - **`path/to/file.ts:88`** — Brief description
155
+ > Recommendation: How to fix (if applicable)
156
+ ```
157
+
158
+ If the review found no issues after filtering, simply state: "Review complete — no issues found in N files."
159
+
160
+ **Priority classification:**
161
+
162
+ - **High**: Obvious bugs, security issues, clear mistakes, or well-founded suggestions with precise fix proposals
163
+ - **Medium**: Reasonable concerns but context-dependent, style/performance suggestions, or fixes that require manual implementation
164
+ - **Low**: Discarded silently (likely false positives, lacking context, nitpicks, or meaningless suggestions)
165
+
166
+ **Handling mispositioned comments:**
167
+
168
+ When `start_line` and `end_line` are both `0`, the comment failed to locate the exact position in the file. In such cases:
169
+
170
+ 1. Read the comment content to understand the issue
171
+ 2. Examine the target file mentioned in the comment
172
+ 3. Identify the relevant code section based on the comment's context
173
+ 4. Apply the fix or suggestion to the correct location
174
+
175
+ ## Custom Review Rules
176
+
177
+ If the user wants project-specific rules, OCR resolves them in this priority order:
178
+
179
+ 1. `--rule <path>` flag (highest)
180
+ 2. `<repo>/.opencodereview/rule.json`
181
+ 3. `~/.opencodereview/rule.json`
182
+ 4. Built-in system defaults (lowest)
183
+
184
+ Rule file format:
185
+
186
+ ```json
187
+ {
188
+ "rules": [
189
+ {
190
+ "path": "**/*.java",
191
+ "rule": "All new methods must validate required parameters for null"
192
+ },
193
+ {
194
+ "path": "**/*mapper*.xml",
195
+ "rule": "Check SQL for injection risks and missing closing tags"
196
+ }
197
+ ]
198
+ }
199
+ ```
200
+
201
+ To preview which rule applies to a file before reviewing:
202
+
203
+ ```bash
204
+ ocr rules check src/main/java/com/example/Foo.java
205
+ ```
206
+
207
+ ## Gotchas
208
+
209
+ - **LLM must be configured first** — `ocr review` will fail loudly if no LLM is reachable. Always run `ocr llm test` before the first review.
210
+ - **Working directory matters** — `ocr review` operates on the Git repo at the current directory. Use `--repo /path/to/repo` to run from elsewhere.
211
+ - **Untracked files are reviewed in workspace mode** — running bare `ocr review` includes staged, unstaged, *and* untracked changes. Stage selectively if you want narrower scope.
212
+ - **Large diffs may hit token limits** — files with very large diffs may be truncated. The default `MAX_TOKENS` is 58888 per request.
213
+ - **Plan phase triggers at 50 lines** — diffs exceeding 50 changed lines run an extra risk-analysis phase before main review. This adds latency but improves quality.
214
+ - **Don't pass `--audience human`** — it streams progress UI that pollutes output. Always use `--audience agent`.
215
+ - **Comment language follows config** — set `language` config to `English` or `Chinese` (default: Chinese) to control review comment language.
216
+
217
+ ## Validation
218
+
219
+ After the review completes, verify success by checking:
220
+
221
+ 1. The command exited with code 0
222
+ 2. Comments were generated (or "No comments generated" message appears)
223
+ 3. Warnings (if any) are displayed in stderr
224
+
225
+ If errors occurred, check the stderr warnings for details about which files failed and why.
226
+
227
+ ## References
228
+
229
+ - Full docs: https://github.com/alibaba/open-code-review
230
+ - NPM package: https://www.npmjs.com/package/@alibaba-group/open-code-review
231
+ - Issue tracker: https://github.com/alibaba/open-code-review/issues
Binary file